2017-02-21 16:17:23 -05:00
|
|
|
Rails.application.configure do |config|
|
2018-05-07 04:13:27 -04:00
|
|
|
Warden::Manager.after_set_user(scope: :user) do |user, auth, opts|
|
2017-02-21 16:17:23 -05:00
|
|
|
Gitlab::Auth::UniqueIpsLimiter.limit_user!(user)
|
2018-07-17 08:50:04 -04:00
|
|
|
|
2018-08-01 09:56:44 -04:00
|
|
|
activity = Gitlab::Auth::Activity.new(opts)
|
2018-07-31 03:24:19 -04:00
|
|
|
|
2018-07-27 06:19:34 -04:00
|
|
|
case opts[:event]
|
|
|
|
when :authentication
|
2018-07-31 03:24:19 -04:00
|
|
|
activity.user_authenticated!
|
2018-07-27 06:19:34 -04:00
|
|
|
when :set_user
|
2018-07-31 03:24:19 -04:00
|
|
|
activity.user_authenticated!
|
|
|
|
activity.user_session_override!
|
2018-07-27 09:25:21 -04:00
|
|
|
when :fetch # rubocop:disable Lint/EmptyWhen
|
|
|
|
# We ignore session fetch events
|
2018-07-27 06:19:34 -04:00
|
|
|
else
|
2018-07-31 03:24:19 -04:00
|
|
|
activity.user_session_override!
|
2018-07-20 10:00:28 -04:00
|
|
|
end
|
2018-01-15 00:10:48 -05:00
|
|
|
end
|
2018-05-02 04:08:16 -04:00
|
|
|
|
2018-05-07 04:13:27 -04:00
|
|
|
Warden::Manager.after_authentication(scope: :user) do |user, auth, opts|
|
2018-05-02 04:08:16 -04:00
|
|
|
ActiveSession.cleanup(user)
|
|
|
|
end
|
|
|
|
|
2018-05-07 04:13:27 -04:00
|
|
|
Warden::Manager.after_set_user(scope: :user, only: :fetch) do |user, auth, opts|
|
2018-05-02 04:08:16 -04:00
|
|
|
ActiveSession.set(user, auth.request)
|
2018-07-17 08:50:04 -04:00
|
|
|
end
|
|
|
|
|
2018-07-27 06:19:34 -04:00
|
|
|
Warden::Manager.before_failure(scope: :user) do |env, opts|
|
2018-08-01 09:56:44 -04:00
|
|
|
Gitlab::Auth::Activity.new(opts).user_authentication_failed!
|
2018-05-02 04:08:16 -04:00
|
|
|
end
|
|
|
|
|
2018-08-01 09:56:44 -04:00
|
|
|
Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
|
2018-08-03 07:06:38 -04:00
|
|
|
user ||= auth.user
|
2018-08-02 09:30:27 -04:00
|
|
|
activity = Gitlab::Auth::Activity.new(opts)
|
|
|
|
tracker = Gitlab::Auth::BlockedUserTracker.new(user, auth)
|
|
|
|
|
2018-08-03 07:06:38 -04:00
|
|
|
ActiveSession.destroy(user, auth.request.session.id)
|
2018-08-03 07:00:14 -04:00
|
|
|
activity.user_session_destroyed!
|
|
|
|
|
2018-08-02 09:30:27 -04:00
|
|
|
##
|
|
|
|
# It is possible that `before_logout` event is going to be triggered
|
|
|
|
# multiple times during the request lifecycle. We want to increment
|
|
|
|
# metrics and write logs only once in that case.
|
|
|
|
#
|
2018-08-03 07:06:38 -04:00
|
|
|
# 'warden.auth.*' is our custom hash key that follows usual convention
|
|
|
|
# of naming keys in the Rack env hash.
|
2018-08-03 06:58:00 -04:00
|
|
|
#
|
2018-08-03 07:06:38 -04:00
|
|
|
next if auth.env['warden.auth.user.blocked']
|
2018-07-23 09:13:11 -04:00
|
|
|
|
2018-08-01 09:56:44 -04:00
|
|
|
if user.blocked?
|
2018-08-02 09:30:27 -04:00
|
|
|
activity.user_blocked!
|
|
|
|
tracker.log_activity!
|
2018-08-01 08:23:06 -04:00
|
|
|
end
|
2018-08-03 07:06:38 -04:00
|
|
|
|
|
|
|
auth.env['warden.auth.user.blocked'] = true
|
2018-05-02 04:08:16 -04:00
|
|
|
end
|
2017-02-21 16:17:23 -05:00
|
|
|
end
|